Contact Form by Bit Form Sensitive Information Exposure Vulnerability

Vulnerability

A vulnerability allowing sensitive information exposure has been identified in the Contact Form by Bit Form plugin for WordPress, affecting all versions through 2.17.4. The issue arises from inadequate directory listing prevention and the absence of file name randomization, which enables unauthenticated attackers to access sensitive data, including files uploaded via forms. This vulnerability was partially addressed in version 2.17.5.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, including files uploaded through the contact forms.

Remediation

Users are advised to update the Contact Form by Bit Form plugin to version 2.17.6 or a newer patched version.
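The advisory names two missing controls: directory listing prevention and file name randomization. The following is an added illustration of both, not code from the Bit Form plugin; the function names, the extension allowlist and the directory layout are assumptions made for the example.

```python
import os
import re
import secrets
import tempfile

# Assumption: extensions a form may accept; adjust per site.
ALLOWED_EXT = {".pdf", ".png", ".jpg", ".txt"}
GUARD_NAMES = ("index.html", "index.php")


def guard_directory(path):
    """Create the directory if needed and drop an empty index file in it."""
    os.makedirs(path, mode=0o750, exist_ok=True)
    open(os.path.join(path, GUARD_NAMES[0]), "a").close()


def store_upload(upload_root, form_id, original_name, data):
    """Store an upload under an unguessable name; return the stored path."""
    ext = os.path.splitext(original_name)[1].lower()
    if ext not in ALLOWED_EXT:
        raise ValueError(f"extension not allowed: {ext!r}")
    if not re.fullmatch(r"[A-Za-z0-9_-]+", form_id):
        raise ValueError("form_id must not contain path characters")
    target_dir = os.path.join(upload_root, form_id)
    guard_directory(upload_root)
    guard_directory(target_dir)
    # 128 bits from the OS CSPRNG; the client-supplied name never reaches disk.
    stored = os.path.join(target_dir, secrets.token_hex(16) + ext)
    fd = os.open(stored, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return stored


def unguarded_dirs(upload_root):
    """Return directories under upload_root that contain no index guard file."""
    found = [d for d, _subdirs, files in os.walk(upload_root)
             if not set(GUARD_NAMES) & set(files)]
    return sorted(found)


if __name__ == "__main__":
    root = tempfile.mkdtemp()  # constructed sandbox, not a real plugin path
    print(store_upload(root, "form1", "resume.pdf", b"%PDF-1.4 sample"))
    os.makedirs(os.path.join(root, "legacy"))
    print(unguarded_dirs(root))  # reports the directory with no index file
```

An index file only suppresses the listing; a file remains reachable by anyone who knows its URL, which is why the random name is needed as the second control.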

Added: Jul 2, 2025, 6:19 AM
Updated: Jul 2, 2025, 6:19 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.3
remediation: 7.7
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.